3 matches found
CVE-2025-24720
CVE-2025-24720 describes a Cross-Site Request Forgery (CSRF) to Settings Update vulnerability in the WordPress plugin Sticky Buttons (Wow-Company), affecting versions through 4.1.1. The initial description and multiple security trackers corroborate the CSRF flaw, with references noting impact to ...
WordPress Sticky Buttons Plugin < 3.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Sticky Buttons Type Plugin Vulnerable versions 3.2.4 Fixed in 3.2.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3475 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c9f456e279d5 Credits Bob Matyas Required...
WordPress Sticky Buttons Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)
Software Sticky Buttons Type Plugin Vulnerable versions = 3.2.2 Fixed in 3.2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0703 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ba3529117da4 Credits Dipak Panchal th3.d1p4k...